3 Unexpected (and Common) Data Breach Causes

3 Unexpected (and Common) Data Breach Causes

As companies are becoming more educated about cyber crimes and cyber liability, more measures have been taken to reduce the frequency and magnitude of data breaches. However, as fast as companies can adapt to make themselves less vulnerable to cyber crimes, cyber criminals can adapt their techniques to find new vulnerabilities. Although security efforts have helped lessen the damage caused by each data breach, in Q1 of this year alone, 686 breaches have been reported already, exposing approximately 1.4 billion records.

While companies focus on thwarting cyber criminals, they sometimes overlook some of the other less sinister events that can also cause costly data breaches, such as:

1. Violation of Company Policy

In one such event, a violation of company policy by an employee from the University of Michigan’s Michigan Medicine resulted in the compromise of the sensitive information of approximately 870 patients. The employee’s laptop, which contained protected health information (PHI) for a number of patients, was stolen from the employee’s vehicle. The laptop was password protected but unencrypted, leaving the patient data vulnerable. Company policy prohibits the storage of PHI on a personal unencrypted laptop.

2. Clerical Error

In Wisconsin, a simple clerical error led the company Dean Health Plan to send more than 1,300 letters to the wrong addresses. The company intended to send out letters that notified patients of the location of their primary care clinic, but a data file that was incorrectly formatted caused the patient names to be matched with the wrong mailing addresses. According a statement from Dean Health Plan, the only PHI contained in the letters were the patients’ names and the name and location of their clinics.

3. Unauthorized Employee Email Access

One of the most common overlooked data breach causes is the unauthorized access of an employee’s email account. Whether through an employee error such as clicking on a phishing link, or through simple password cracking, the breach of an employee’s email account can give an unwanted party access to a large amount of sensitive data. Two of the largest healthcare data breaches in June were the result of unauthorized email access, compromising the PHI of a combined total of over 29,000 individuals.

Best Practices for Data Breach Safeguarding

As exhibited in the first example above, company policy alone is not enough to prevent a data breach from occurring. Businesses who regularly send, receive and store sensitive information should have safeguards in place to reduce the likelihood of human error and unauthorized email access-related data breaches.

Some examples include:

  • Restricting access to work files from non-encrypted computers,
  • Amulti-factor authentication system for accessing employee email accounts, and
  • Using a HIPAA-compliant email system rather than tradition mail for sending information to patients.

In addition to reducing risks as much as possible through safeguards, companies should also have adequate cyber liability insurance, which can assist with the financial recovery of a data breach even if an employee is at fault.


About Connected Risk Solutions

At Connected Risk Solutions, we use our expertise and experience to provide insurance information and programs to those who serve long-term care and senior living facilities. Since 2007, we’ve been offering insurance and risk management plans designed to help our agents give their clients the ability to achieve continued growth while simultaneously protecting against loss, containing costs and increasing profitability. To learn more, contact us at (847) 832-9100.

About Connected Risk Solutions

At Connected Risk Solutions, we provide our agent partners with bold solutions for comprehensive insurance and risk management that are unmatched in the industry. We have market connections and collective decades of industry experience, including deep specialization in healthcare liability and managed care E&O, cyber and tech liability, management and professional liability, as well as captive management and risk management. We strive to develop creative solutions no other wholesaler can match and to help our agent partners give their clients the ability to achieve continued growth while simultaneously protecting against loss.

Our specialists, located in offices throughout the country, are responsive and engaged. To learn more, connect with us.

Table of Contents

Related Posts:
nursing home insurance
Safe Haven: Best Practices for Exceptional Care and Risk Mitigation in Nursing Homes
Providing quality care and protecting vulnerable residents should be the top priority for any nursing...
cyber insurance
Code Blue for Cyber Threats: Securing Patient Safety in the Digital Age
The healthcare industry increasingly relies on digital technology and interconnected systems to provide...
healthcare staffing agencies
Risk Management in Healthcare Staffing: The Importance of Excess Liability Coverage
Specialized healthcare staffing agencies play a crucial role in the healthcare industry by deploying...